security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
14,235 Commits 1 Branch 57 Tags
bcce3a85aa43a936412fd32ffdfd41ea71ce1e02
Commit Graph

349 Commits

Author SHA1 Message Date
frack113 756a248032 update logsource 2023-01-04 18:52:24 +01:00
frack113 c62d624892 Use W3C cs-uri-query 2023-01-02 18:56:34 +01:00
frack113 41c850e00b Use W3C cs-uri-query 2023-01-02 18:45:50 +01:00
frack113 a1a94a0b66 Update W3C field name 2023-01-02 16:39:55 +01:00
frack113 a6659bc7d8 Update W3C field name 2023-01-02 16:00:29 +01:00
frack113 99172a99e2 Update W3C field name 2023-01-02 15:56:10 +01:00
frack113 8720356684 Update field name 2023-01-02 15:49:45 +01:00
Nasreddine Bencherchali de704d285a feat: new rule related to CVE-2022-46169 2022-12-27 14:22:53 +01:00
frack113 7060db3d47 Promotion rules (#3821) 
* Promotion rules

* fix missing null

* fix: modified date

Co-authored-by: Nasreddine Bencherchali <8741929+nasbench@users.noreply.github.com>
 2022-12-27 12:29:10 +01:00
Nasreddine Bencherchali 17aae0161d fix: add other missing encoded @ symbol 2022-12-22 14:55:20 +01:00
Nasreddine Bencherchali 74f198460e fix: add good ua as filter 2022-12-22 14:50:30 +01:00
Nasreddine Bencherchali 62a828e184 feat: more updates 2022-12-22 14:45:53 +01:00
Nasreddine Bencherchali 8fd9181392 fix: typo in selection 2022-12-22 14:35:22 +01:00
Nasreddine Bencherchali cc3dce61d7 fix: apply suggestions from code review 
Co-authored-by: frack113 <62423083+frack113@users.noreply.github.com>
 2022-12-22 14:25:50 +01:00
Nasreddine Bencherchali 3b54d8de79 fix: metadata 2022-12-22 12:20:18 +01:00
Nasreddine Bencherchali e61795a1ea feat: proxynotshell owa variant rules 2022-12-22 12:10:29 +01:00
Nasreddine Bencherchali ecaf76f661 Merge pull request #1964 from BlackB0lt/patch-14 
Create CVE-2021-26084 detection
 2022-12-18 21:08:48 +01:00
Nasreddine Bencherchali ca74357016 fix: enhance logic and metadata 2022-12-13 18:42:21 +01:00
Nasreddine Bencherchali 078fcaab28 fix: update description 2022-12-13 00:17:04 +01:00
Nasreddine Bencherchali 8011ef23a3 fix: enhance logic, description and title 2022-12-13 00:15:49 +01:00
Gott 796db1479f Update web_cve_2021_27905_apache_solr_lfi_exploit.yml 2022-12-12 17:31:32 -05:00
Nasreddine Bencherchali 14ccb7b00e fix: broken tag 2022-12-12 23:26:19 +01:00
Gott 11351b78dd Rename web_cve_2021-27905_apache_solr_lfi_exploit.yml to web_cve_2021_27905_apache_solr_lfi_exploit.yml 2022-12-12 17:17:11 -05:00
Gott c91c775f58 Rename web_apache_solr_lfi_exploit.yml to web_cve_2021-27905_apache_solr_lfi_exploit.yml 2022-12-12 17:16:52 -05:00
Gott b9b88b1382 Update web_apache_solr_lfi_exploit.yml 2022-12-12 17:16:03 -05:00
Gott af0b1e61b4 Create web_apache_solr_lfi_exploit.yml 2022-12-11 10:53:38 -05:00
Nasreddine Bencherchali 87b709a3e6 feat: add missing /r to cmd 2022-11-18 13:45:01 +01:00
Nasreddine Bencherchali 8e3d1fa653 Update web_win_webshells_in_access_logs.yml 2022-10-27 14:13:12 +02:00
Nasreddine Bencherchali c2045d6a91 Update web_win_webshells_in_access_logs.yml 2022-10-26 23:18:08 +02:00
frack113 5498621bbc Order yaml field 2022-10-25 10:08:58 +02:00
frack113 931fb30853 old experimental rule promotion 2022-10-09 16:54:04 +02:00
Florian Roth b634e1a3f9 Merge pull request #3562 from nasbench/pysigma-fix 
PySigma Issues Fix
 2022-10-07 09:21:15 +02:00
Florian Roth b75ef97876 Update web_exchange_proxyshell.yml 2022-10-07 08:48:01 +02:00
Florian Roth 87b306834c Update web_cve_2022_36804_atlassian_bitbucket_command_injection.yml 2022-10-06 09:29:06 +02:00
Florian Roth d8c80d9193 docs: add ATT&CK technique id 2022-10-06 08:39:53 +02:00
Florian Roth 8419124990 docs: change modified date 2022-10-06 08:39:12 +02:00
Florian Roth a47ed32736 fix: unused selection in 23eee45e-933b-49f9-ae1b-df706d2d52ef 2022-10-06 08:38:40 +02:00
Nasreddine Bencherchali 2c26614ce4 Update Wildcard + Int to Str fields 2022-10-05 23:15:20 +02:00
Nasreddine Bencherchali afb2e7567d Create web_cve_2022_36804_atlassian_bitbucket_command_injection.yml 2022-09-29 22:23:04 +02:00
Nasreddine Bencherchali fb44c6fa87 Update meta info 2022-09-13 22:14:45 +02:00
Wagga 4573ab0a21 Fix a lot of typos in rules text and comments #Part 3 (#3446) 2022-08-30 08:21:25 +02:00
Ali Saad Jaffer(ali42201) f62f2bb902 fix case on author for consistency 2022-08-18 17:48:44 -04:00
frack113 4316d9c500 Update condition 2022-08-18 18:38:14 +02:00
Gott a9f22696d8 Update web_cve_2022_27925_exploit.yml 
consolidated selection logic and stripped "cs-cookie: 'ZM_AUTH_TOKEN'", as it is most likely not logged
 2022-08-18 12:27:58 -04:00
Gott c1dc90f9ed Update web_cve_2022_27925_exploit.yml 
Added additional logic looking for a call to an uploaded webshell, with a 200 response
 2022-08-18 07:30:23 -04:00
Gott 224e30c3f4 Update web_cve_2022_27925_exploit.yml 
corrected issues surrounding the sigma checks and added an additional reference
 2022-08-18 07:25:29 -04:00
Gott 405b9aa563 Create web_cve_2022_27925_exploit.yml 2022-08-17 15:22:44 -04:00
Nasreddine Bencherchali 6798d69d00 Update 2022-08-15 00:22:08 +01:00
Nasreddine Bencherchali ce43b1da5c Create web_cve_2022_31659_vmware_rce.yml 2022-08-12 18:50:08 +01:00
Nasreddine Bencherchali 4f7738b867 Add rule CVE-2022-31656 2022-08-12 16:29:52 +01:00